WordPress后台文件/wp-admin/includes/ajax-actions.php
记事本或者notepad++等文本编辑工具来编辑/保存PHP文件
1.在文件ajax-actions.php的3068行附近:$plugin = urldecode( $_POST['plugin'] );在这段代码后面加上:$plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );
2.在文件ajax-action.php中大概3004行:if ( $plugin_update_data === true ) { wp_send_json_error( $status ); }修改为:if ( $plugin_update_data === true ) {$status['error'] = __( 'Plugin update failed.' ); wp_send_json_error( $status ); }
3.找到3025行:if ( is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->get_error_code() ) { $status['error'] = $wp_filesystem->errors->get_error_message(); } wp_send_json_error( $status ); } }修改为:if ( is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->get_error_code() ) { $status['error'] = $wp_filesystem->errors->get_error_message(); } wp_send_json_error( $status ); } else {// An unhandled error occured$status['error'] = __( 'Plugin update failed.' ); wp_send_json_error( $status ); } }修改保存后,wordpress后台插件更新模块任意目录遍历导致DOS漏洞就修复好了!